An attempt to scrub the gathering moss off some stones and help them keep rolling smoothly along ... Thoughts on information technology and anything else, by Tony Austin, after a lifetime in Science and then the IT industry.

I tried to post a comment on the blog but, at the moment anyhow, it is rejecting attempted comments with the error message “Comment has been disallowed by the Spam Filter” – so, Vincenzo, you need to fix this.

Luckily, I had saved my comments offline (I’ve been caught before by bugs and annoyances like this, on various web sites that should work far better than they do).
So instead of losing them when the error page returned me to a blank comments section, below is the knowledge contribution that I tried to make at Vincenzo’s blog.

I don’t think it really helps a great deal. All that it answers, unfortunately, is "who MIGHT have stolen the jam?" and not "who ACTUALLY stole the jam?"

This is better than before, but not the complete story, since it still doesn't tell you what was deleted or changed, exactly when each event occurred, and so on. You might get the desired information from the Statlog server task, but this doesn't help for database actions performed while the user is disconnected from any server.

If you want a full audit trail, you need to write some code, perhaps using examples and tips from various web sites and blogs, or a couple of the tools available from OpenNTF.org to save you some effort.

There are some commercial offerings that go much further. For example, over the last ten years or so, I developed and enhanced a commercial developer toolkit (SDK) that I call NotesTracker, which records a lot of details about users who perform CRUD actions (Create, Read, Update, Delete).

And a range of other things, too. Continuing along the lines of Vincenzo’s question, this is sort of like whether the jam was marmalade, raspberry, strawberry, plum …

I've had some people ask me questions like "Can I determine who deleted certain important documents from my database right back in 2007?" (or quite a few months ago, anyway).

But they become very disappointed when I have to give them the bad news. That is, you must have previously switched on either the built-in Notes tracking (the "Record activity" option in the database properties) or your roll-your-own tracking tool or a commercial one like NotesTracker.

And it must be configured properly to track deletions. For example, this is a user-definable setting in NotesTracker. See the snapshots here or here to understand what I mean.

Naturally enough, they will not be able to discover the culprit before any such tracking was activated. Certainly not three or four years back, as one person asked me about, for sure!

According to the Admin Help database (under the topic "Managing database activity recording in databases") apparently only 64K is allocated to the native activity tracking, so you cannot even rely on it to keep more than a smallish amount of history. I would guess the built-in history that must fit into this 64K space will go back at most only a few weeks or months, depending on how busy that particular database is. The roll-your-own or commercial tools should enable you to retain tracking history as far back as you like, limited only by available disk space (certainly NotesTracker works this way).

But you'll get this storing of user activity only while the tracking was activated, of course. … Just like one of those crime movies where police find they can’t see who stole the Crown Jewels or the Mona Lisa because the video recording was switched off at the time the event happened!
